In wireless communication, devices can send and receive messages without being physically coupled. Wireless devices (sometimes called “mobile units” or “MU's”) can include portable computers, telephones, location sensors (such as those using GPS), and the like. Portable computers with wireless communication capability can be coupled to a computer network, such as the Internet or the World Wide Web.
The IEEE 802.11 standard (including 802.11a, 802.11b, and 802.11g) is one known technique for coupling MU's to a computer network. In 802.11, MU's seek out and select “access points” (sometimes called “AP's”), which are themselves physically coupled, for computer communication, to at least a network controller. Each MU associates itself with a particular AP, with which it communicates. Each MU (which might move before, during, or after communication) determines from time to time if it has good communication with its associated AP, and whether it would have better communication with a different AP. Each AP might be coupled to a single device, a collection of devices, or to a computer network.
In alternative embodiments, MU's might communicate directly without using intermediate AP's or system infrastructure. This form of MU-to-MU communication is sometimes referred to herein as a “peer-to-peer” or an “ad hoc” mode of communication between MU's. As described below, security in wireless communication systems should also protect against peer-to-peer modes of communication involving unauthorized devices.
Wireless communication is subject to use by unauthorized (sometimes called “bad” or “rogue”) devices. Rogue devices might include AP's or MU's.
There are at least three types of “active” rogue attacks, that is, rogue attacks that involve communication by the rogue device with at least some elements of the wireless communication system.                Rogue devices might use communication capacity and channels that are otherwise usable by the system. This is sometimes referred to herein as “consuming RF capacity”. That is, the rogue device might not be coupled to the wireless communication system, but might interfere with operation of that wireless communication system by using its airtime or other resources.        Rogue devices might draw away legitimate client devices of the wireless communication system and provide services to them. This is sometimes referred to herein as “hijacking clients”. Services provided by the rogue device might or might not be legitimate, and might or might not be inimical to either the serviced device or to the wireless communication system itself.        Rogue devices might become coupled to the backbone network used by the wireless communication system. This is sometimes referred to herein as “unauthorized connection to the backbone system”. That is, a rogue device might be coupled to the wireless communication system's backbone network and become enabled to communicate with (possibly unauthorized) other devices.        
There are also at least three types of “passive” rogue attacks, that is, rogue attacks that involve listening by the rogue device to messages in the wireless communication system.                Rogue devices might obtain knowledge of the location of users of the wireless communication system. This can possibly be obtained by listening to messages to or from that user, and deducing its location by the strength and destination of messages. This has the effect that the user's location, and possibly identity, can become compromised by a passive rogue attack.        Rogue devices might obtain knowledge of the application(s) used by users of the wireless communication system. For example, applications might include one or more of: file transfer, interactive voice, video downloading, web access, and the like. This can possibly be obtained by listening to messages to or from that user, and deducing its current application location by analysis of its traffic profile. This has the effect that the user's activity, and possibly identity and the nature of that user's work, can become compromised by a passive rogue attack.        Rogue devices might obtain knowledge of the data in message sent to or from users of the wireless communication system, for example, by listening to (sometimes referred to herein as “snooping”) those messages and decrypting their content.        
Known methods of enforcing security in a wireless communication system are subject to several problems.
A 1st known issue is that policing a wireless communication system against rogue devices can be evaded by those unauthorized devices.                In known methods, removing rogue devices from the system takes relatively large amounts of airtime and communication capacity, with the effect that aggressive rogue devices can use substantial communication capacity just by their presence.        In known methods, AP's cannot conveniently or easily both scan for rogue devices and service authorized devices. That is, removing rogue devices involves using AP's to scan for those rogue devices instead of servicing authorized devices, with the effect that providing security can either (1) use more AP's for greater security and greater expense, or (2) use fewer AP's for lesser expense and lesser security, neither of which is entirely satisfactory. This has the effect that AP's cannot conveniently or easily ameliorate the presence of rogue devices.        In known methods, rogue devices can ignore messages intended to remove them from the system. This has the effect AP's cannot conveniently or easily remove rogue devices that deliberately ignore anti-rogue protocol messages.        In known methods, rogue devices can passively snoop authorized messages without substantial notice by security procedures intended to remove them from the system. This has the effect that AP's are not able to conveniently or easily prevent rogue devices from obtaining substantial unauthorized information.        